The Senate Finance Committee is planning a hearing with UnitedHealth Group CEO Andrew Witty on April 30, The Washington Post reports.
The Post attributes the date to a familiar but unnamed source. It was reported March 22 that the Senate Finance Committee was working to secure a hearing with Mr. Witty this spring.
Senators' inquiry will occur more than two months after UnitedHealth subsidiary Change Healthcare reported a cyberattack Feb. 21 in a situation that has since evolved to become "the most significant and consequential incident of its kind against the U.S. healthcare system in history," according to the American Hospital Association.
Change Healthcare confirmed to Becker's Feb. 29 the cybersecurity issue was perpetrated by a "cybercrime threat actor who has represented itself to us as ALPHV/Blackcat," a ransomware as a service group.
Change Healthcare merged with Optum, a subsidiary of UnitedHealth Group, in October 2022. Mr. Witty has been the CEO of UnitedHealth Group since February 2021, following a three-year tenure as CEO of Optum.
Mr. Witty is set to be the only witness at the April 30 hearing, according to the Post. Senate Finance Chairman Ron Wyden has emphasized the importance of CEO accountability in addressing healthcare cyberattacks.
"For a long time, these private companies have been allowed to set their own standards, and it doesn't seem very surprising that neither UnitedHealth Group nor federal agencies were prepared for the attack on Change Healthcare and its fallout," the senator said in a March 14 session on HHS' proposed 2025 budget.
Mr. Wyden noted that while the HHS budget includes increased penalties for compliance violations and mandatory cybersecurity standards for hospitals, he believes additional measures are necessary.
"Mandatory standards are a great first step. But we've got to do more. The next step has to be fines and accountability for negligent CEOs, for example, which will enable HHS to better protect patients and our national security."